PT-2024-16742 · Unknown+3 · Ansible-Core+3

Published 2024-11-11 · Updated 2025-11-21 · CVE-2024-11079

CVSS v3.1: 5.5 (Medium)

Vector: AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

Ansible-Core versions 2.x

Description

A flaw was found in Ansible-Core that allows attackers to bypass unsafe content protections by using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playbooks.

Recommendations

For Ansible-Core version 2.x, update to the latest version and apply the latest patches and updates to mitigate risks. As a temporary workaround, consider restricting the use of the hostvars object to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Weakness Enumeration

Related Identifiers

BDU:2025-09015
CVE-2024-11079
GHSA-99W6-3XPH-CX78
MGASA-2025-0052
OPENSUSE-SU-2024:14545-1
OPENSUSE-SU-2024:14546-1
OPENSUSE-SU-2024:14547-1
OPENSUSE-SU-2025:15638-1
OPENSUSE-SU-2025:15754-1
RHSA-2024:11145

Affected Products

Ansible-Core
Astra Linux
Debian
Red Os